MITRE, a leading organization in cybersecurity research and development, has recently disclosed a sophisticated cyber breach that highlights the evolving nature of modern cyber threats and the importance of robust cybersecurity measures.
The incident, which was confirmed in April 2024, involved the compromise of MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE), a collaborative network used for research, development, and prototyping.
Upon detecting suspicious activity, MITRE moved to contain the incident, taking the NERVE environment offline and launching an investigation with the support of in-house and leading third-party experts.
According to the details shared in a separate blog post, the threat actor began the intrusion in January 2024 with reconnaissance of MITRE's networks. The attackers exploited two Ivanti Connect Secure VPN zero-day vulnerabilities (CVE-2023-46805, an authentication bypass, and CVE-2024-21887, a command injection flaw, the pair disclosed by Ivanti in January 2024) and then bypassed multi-factor authentication by hijacking an already-authenticated session rather than defeating the MFA challenge itself.
The adversaries then moved laterally within the network, compromising an administrator account to reach MITRE's VMware infrastructure, and deployed backdoors and webshells for persistence and credential harvesting.
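The MFA bypass described above works because a session token issued after a successful MFA challenge is, by itself, the only thing a VPN gateway checks on later requests. The following script is an added illustration of how a defender can look for that pattern in session logs; it is not MITRE's or Ivanti's tooling, and the log schema, field names and sample events are constructed for this example. It raises two kinds of finding: a session whose requests arrive from a different source IP than the one that passed MFA, and a session that handles requests without any logged MFA login at all, which is what a token minted or stolen outside the normal login path looks like.

```python
"""Detect MFA bypass via session hijacking in VPN gateway session logs.

Added example, not code from the original article or from MITRE/Ivanti.
The JSON-lines format and the field names (ts, event, user, src_ip,
session_id, mfa) are assumptions made for this illustration.
"""
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample log: one hypothetical gateway event per line.
# Session s-1a2b passes MFA from 203.0.113.10 and is later used from
# 198.51.100.77; session s-zzzz serves requests with no login at all.
SAMPLE_LOG = """
{"ts": "2024-01-09T08:00:01Z", "event": "login", "user": "alice", "src_ip": "203.0.113.10", "session_id": "s-1a2b", "mfa": "passed"}
{"ts": "2024-01-09T08:05:12Z", "event": "request", "user": "alice", "src_ip": "203.0.113.10", "session_id": "s-1a2b"}
{"ts": "2024-01-09T08:31:45Z", "event": "request", "user": "alice", "src_ip": "198.51.100.77", "session_id": "s-1a2b"}
{"ts": "2024-01-09T08:32:02Z", "event": "request", "user": "alice", "src_ip": "198.51.100.77", "session_id": "s-1a2b"}
{"ts": "2024-01-09T09:00:00Z", "event": "login", "user": "bob", "src_ip": "203.0.113.22", "session_id": "s-9c8d", "mfa": "passed"}
{"ts": "2024-01-09T09:02:30Z", "event": "request", "user": "bob", "src_ip": "203.0.113.22", "session_id": "s-9c8d"}
{"ts": "2024-01-09T09:10:00Z", "event": "request", "user": "carol", "src_ip": "198.51.100.77", "session_id": "s-zzzz"}
"""


@dataclass
class SessionState:
    user: Optional[str] = None
    mfa_ip: Optional[str] = None          # source IP that completed MFA
    ips_seen: Set[str] = field(default_factory=set)


def parse_events(text: str) -> List[dict]:
    """Parse JSON-lines log text into a list of event dicts, skipping blanks."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            events.append(json.loads(line))
    return events


def detect_session_hijacks(events: List[dict]) -> List[dict]:
    """Return one finding per (session_id, reason) that looks like token abuse.

    Events must be in chronological order, as they would be read from a log.
    """
    sessions: Dict[str, SessionState] = {}
    findings: List[dict] = []
    reported = set()  # (session_id, reason) pairs already emitted

    def report(ev: dict, reason: str) -> None:
        key = (ev["session_id"], reason)
        if key in reported:
            return
        reported.add(key)
        findings.append({
            "session_id": ev["session_id"],
            "user": ev.get("user"),
            "src_ip": ev["src_ip"],
            "ts": ev["ts"],
            "reason": reason,
        })

    for ev in events:
        st = sessions.setdefault(ev["session_id"], SessionState())
        st.ips_seen.add(ev["src_ip"])
        if ev["event"] == "login":
            st.user = ev["user"]
            if ev.get("mfa") == "passed":
                st.mfa_ip = ev["src_ip"]
            continue
        if st.mfa_ip is None:
            # Requests on a session that never passed MFA through this
            # gateway: the token was obtained outside the login path.
            report(ev, "request_without_mfa_login")
        elif ev["src_ip"] != st.mfa_ip:
            # The token that cleared MFA is now presented from elsewhere:
            # classic post-authentication session hijacking.
            report(ev, "ip_differs_from_mfa_origin")
    return findings


def run_example() -> List[dict]:
    """Run the detector over the constructed sample log."""
    return detect_session_hijacks(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for f in run_example():
        print(f"{f['ts']} session={f['session_id']} user={f['user']} "
              f"from={f['src_ip']}: {f['reason']}")
```

In production the IP comparison should be loosened to ASN or geolocation (mobile clients change addresses legitimately) and combined with the time gap between the MFA login and the first request from the new origin; the shape of the logic, anchoring every later request to the origin that actually satisfied MFA, is what matters.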
Despite following best practices, vendor instructions, and government advice in upgrading, replacing, and hardening its Ivanti systems, MITRE did not detect the lateral movement into its VMware infrastructure.
"At the time we believed we took all the necessary actions to mitigate the vulnerability, but these actions were clearly insufficient," wrote Lex Crumpton of MITRE Engenuity.
Following the detection of the breach, MITRE contacted authorities, notified affected parties, and is working to restore operational alternatives for collaboration in a secure manner.
The investigation is ongoing to determine the scope of information that may have been compromised. MITRE has promised to share additional information as the investigation continues and concludes.
Jason Providakes, president and CEO of MITRE, emphasized the pervasive nature of cyber threats, stating:
"No organization is immune from this type of cyber attack, not even one that strives to maintain the highest cybersecurity possible. The threats and cyber attacks are becoming more sophisticated and require increased vigilance and defense approaches."
The company's blog post shares an overview of the incident and the company's ongoing work, emphasizing the importance of collective understanding and combating such threats.
"You can learn a lot from being hacked, and that knowledge can transform an entire industry," Crumpton wrote.
Additionally, MITRE suggests hardening networks through strong authentication, regular patch management, least privilege access, network segmentation, vulnerability assessments, and a robust threat intelligence program.
"While our initial response efforts have helped mitigate the immediate impact of the cyber-attack, we recognize the ongoing need for vigilance and adaptation."
"Fifteen years ago was the last time we suffered a major cyber incident, and it was a seminal moment for MITRE."
While the investigation is still in progress, MITRE said there is no indication that its core enterprise network or its partners' systems were affected by this incident.
MITRE, with its 50-plus-year history of developing standards and tools used by the global cybersecurity community, remains committed to arming cyber defenders worldwide with the resources needed to combat evolving threats.